Iptables >= 1.4.16 and fwbuilder don’t work together

If you use fwbuilder to configure the firewalls on your server, then don’t upgrade to iptables 1.4.16 but keep 1.4.15. Version 1.4.16 does work, but you will see a lot of warnings like:

WARNING: The state match is obsolete. Use conntrack instead.

The syntax of several iptables and ip6tables commands will change, and fwbuilder needs an update before it generates correct rules again. It’s just a matter of time until the old syntax really doesn’t work anymore. To hold the package back, add IgnorePkg = iptables to /etc/pacman.conf until a fwbuilder version is released that generates the new syntax. The iptables package only depends on glibc, and as long as there is no major glibc update you can safely use the 1.4.15 version.
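
What the warning asks for, as an added example that is not part of the original post: rules using the obsolete state match (-m state --state) next to their conntrack form (-m conntrack --ctstate). The rule lines are constructed samples and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: audit rule lines for the obsolete "state" match and show
# the conntrack form that iptables >= 1.4.16 asks for in its warning.

# Constructed sample rules (not taken from a real generated script).
sample_rules() {
    cat <<'EOF'
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -m state ! --state NEW -j DROP
$IPTABLES -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Count lines on stdin that still load the obsolete match.
# grep -c exits 1 when the count is 0, so "|| true" keeps callers
# that run under "set -e" alive.
count_legacy_rules() {
    grep -Ec -- '(-m|--match)[[:space:]]+state[[:space:]]' || true
}

# Rewrite "-m state --state X" as "-m conntrack --ctstate X" on stdin.
# Only lines that load the state match are touched; the negated form
# ("! --state") and the long option ("--match state") are handled too.
state_to_conntrack() {
    sed -E '/(-m|--match)[[:space:]]+state[[:space:]]/ {
        s/(-m|--match)[[:space:]]+state([[:space:]])/\1 conntrack\2/g
        s/(^|[[:space:]])--state([[:space:]])/\1--ctstate\2/g
    }'
}

# Demo: report how many sample rules trigger the warning, then print the
# same rules in the new syntax.
echo "rules using the obsolete state match: $(sample_rules | count_legacy_rules)"
sample_rules | state_to_conntrack
```

Feeding the generated firewall script to count_legacy_rules on stdin shows how many of its rules would trigger the warning; the rewritten output is for comparison, not a replacement for a fixed fwbuilder.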